Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Hello Monks,

I have written a Perl script for a website. The script accepts an image submitted by the user. The image is then displayed on the user's profile.

Clearly, there are security issues when accepting an image from a user. Here are some of the precautions I have taken:

  1. Make sure the image is no larger than 1 megabyte.
  2. Make sure the image mime type is jpeg, gif or png.
  3. Save the image on the web server under a randomly generated file name.
  4. Make sure the dimensions of the image is within an acceptable range of pixels. (I use the Image::Size module to determine the dimensions.)
  5. Make sure the user checks the box that says he has permission to upload the file as his image.

My concern is that, even with all those precautions, someone could still embed a virus in the image. How do I prevent this from happening? Should I use a module like Image::Magick to write a new image altogether? Do I need to run a virus check on each submitted image?

Also, are there any other security precautions that I need to take in regards to accepting a user-submitted image?

Thank you so much for your time and help.

In reply to security: making sure graphics uploaded by users are safe by keiusui

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others romping around the Monastery: (2)
    As of 2018-02-18 01:30 GMT
    Find Nodes?
      Voting Booth?
      When it is dark outside I am happiest to see ...

      Results (250 votes). Check out past polls.